Recently active topics

If you manage F5 BIG-IP Access Policy Manager (APM) anywhere in your environment, this one demands your immediate attention.On March 27, 2026, CISA added CVE-2025-53521 to its Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation of a critical flaw in F5 BIG-IP APM. Federal Civilian Executive Branch (FCEB) agencies were given until March 30, 2026 — just 72 hours — to remediate. That kind of deadline reflects just how serious CISA considers this threat. What Happened — and Why the UrgencyThis vulnerability has a bit of a history that makes it particularly tricky. CVE-2025-53521 was originally disclosed by F5 back in October 2025 as part of their quarterly security advisory cycle. At the time, it was categorized as a denial-of-service (DoS) vulnerability with a CVSS v4 score of 8.7 — serious, but not immediately alarming for organizations that were still working through their patch queues.Fast forward to March 2026. F5 revised its advisory based on new

The Problem with “It Doesn’t Hurt Anything”Over time, stale configuration creates real friction:Configs become harder to read and reason about Engineers hesitate to make changes because “something might depend on it” Troubleshooting takes longer because it’s unclear what actually matters The network slowly accumulates configuration debtNone of this usually comes from bad configuration. It comes from old configuration that was never cleaned up.The Core ObjectiveThe primary objective of this approach is not to modify or remove configuration automatically, but to make potential problem areas visible.Identify configuration elements that are likely unused Extract them in a consistent, scalable way Present the results in a form that engineers can easily understandOnce those configs are visible, humans can make informed decisions instead of guessing.NQE for Cisco ASAThis NQE identifies objects that are not used by any ACL entries.  This is just one example of how we can quickly identify “conf

Hi TeamI am looking for some help to create a workplace in FN.This workplace will contain only CISCO devices and NQEs (BGP status and Interface Status). I want to auto execute this workspace (snapshot) by every 30 mins so that I can fetch interface and BGP status of cisco devices. Any help on this really appreciated. Thank you.  

We're excited to share that, by popular demand, In-App Audit Logs are now available, giving org admins full visibility into activity across their Forward Networks platform - no support ticket required. Where to find itHead to Platform → System → Audit Logs to get started.Full visibility into platform activityAudit Logs capture every meaningful change in your environment, including create, update, and delete operations, as well as authentication events. Every log entry includes the timestamp, originating IP address, the user who performed the action, the HTTP method used, the target object affected, and the outcome, giving you a complete, reliable picture of what happened and when.Accountability built inImpersonation activity is fully visible too. If an action is taken on behalf of another user, the log clearly reflects that, so you always have an accurate record of changes in your environment.Powerful filtering and exportFinding the events you care about is quick and easy. Every column

 Hi team,Is there a way to see or get API logs to know which user has performed what kind of api calls & actions ( read / view / change)  using thier account?

Sequential Thinking in NQE using State Pipeline One interesting challenge when writing logic in NQE is that the language does not support a traditional sequential programming style (loops, mutable variables, recursion, etc.).But we can emulate iteration by threading state through a series of transformations.This resembles techniques used in functional programming such as state threading or CPS-like transformations, where computation is expressed as a chain of pure transformations.Let’s look at a simple example: computing the integer log₂(i) using a sequential algorithm.Sequential C-like styleint log2(int i) {int e = 32, b = 0;while (e >= 1) { if (i >= 2 ** e) { i /= (2 ** e); b += e; } return b;}Conceptually, each loop iteration transforms the state:(i, e, b) → (i', e/2, b')Since NQE has no while statement, we first unroll the iterations:if (i >= 2^32) { i /= 2^32; b += 32; }if (i >= 2^16) { i /= 2^16; b += 16; }if (i >= 2^8) { i /= 2^8; b += 8; }if (i >= 2

I’ve brought this up a few times on calls with our account team. It would be really helpful if we could filter with a bit more flexibility in Sources & Inventories.Currently, if I’m searching for a Tag the logic is a “OR” so if I want a device in “APAC” && “Switch” && “Arista” I can’t get a reduced set of devices.It would be great to combine the filtering to isolate devices more quickly. 

This is a script that ​@rob helped greatly with. It parses through SNMP configuration on IOS-XE devices. Then does a comparison of the templates in the file and provides:What’s missing, what is extra, and the captured configuration.I’ve added additional functionality to leverage tagging, which helps identify which config block belongs to what kind of devices. I have documented as best I can, hopefully this helps other as much as it’s helping me. /*** * @intent SNMP Validation (IOS) * @description Validates Cisco IOS-XE SNMP configs and extracts community/host details. * * LOGIC SUMMARY: * 1. Checks device against 3 regional patterns (AMRS, EMEA, APAC). * 2. Uses the 'Hybrid Approach': * - Uses 'device.files.config' (Bag) for the blockDiff engine (Accuracy). * - Uses 'configAsString' (String) for Regex extraction (Speed). * 3. Outputs a clean table with missing lines and current settings.***/// Tagging Function to look for tagged devices in order to classify configuration appropriatelye

The Bottom Line Up Front (BLUF) In networking, we’ve spent decades eliminating single points of failure — redundant power, redundant links, redundant clusters. Recent policy shifts affecting AI providers are a reminder that AI models themselves can become a new kind of single point of failure. When organizations suddenly need to stop using a specific model due to policy, regulatory, or geopolitical reasons, entire workflows can break overnight. That’s why model-agnostic architectures are quickly becoming a requirement, not a luxury. A New Kind of Risk Engineers usually think about failure in technical terms: hardware failure network outages power loss AI introduces a different category of risk.If your product, automation pipeline, or internal workflow relies entirely on one AI provider, your roadmap becomes tied to that provider’s regulatory and business environment. That dependency may work fine today — until it doesn’t. The lesson here isn’t about which model is best. It’s about